Solved

Cisco PIX 515 upgrade failing

Posted on 2011-09-20
34
1,584 Views
Last Modified: 2012-05-12
I'm trying to update a cisco pix 515.  I TFTP the pixXXX.bin file and it doesn't ask me to load to flash.  I get a compressed image : decoding error = 1.

I have to load it from monitor mode because the first time I tried to load the bin file it failed and now it won't load anything.

This is what I get after loading image.

Cisco Security Appliance admin loader (3.0) #0: Tue Nov  6 18:34:28 MST 2007
sumval(0x8390) chksum(0x0   )md5(0xe2334b81 0xcec51c4b 0x2b3cc798 0xd20fa029)
md5(0xc36b8164 0x9cfab366 0x0589dab6 0x1ce10d34)
Checksum verification on install image failed.



Rebooting....

Cisco Secure PIX Firewall BIOS (4.0) #0: Thu Mar  2 22:59:20 PST 2000
Platform PIX-515
Flash=i28F640J5 @ 0x300
0
Comment
Question by:IntekTech
  • 17
  • 14
  • 2
  • +1
34 Comments
 

Author Comment

by:IntekTech
ID: 36568755
PLEASE HELP!!!!!

The firewall is not working.

Thanks
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36568806
Looks like that image is corrupt. Could you try downloading it again from Cisco?
0
 

Author Comment

by:IntekTech
ID: 36568825
I downloaded multiple copies.  Still does the same thing.  I'll try again now.
0
 

Author Comment

by:IntekTech
ID: 36568881
This is what I got after the TFTP.

Received 7630848 bytes

Cisco Security Appliance admin loader (3.0) #0: Wed Mar 18 16:07:32 MDT 2009
sumval(0x8573) chksum(0x0   )md5(0x3053d49b 0x9445f51c 0x83fe466b 0xb3e7d7a7)
md5(0xb2589d2d 0x0a690408 0x244b3e7d 0x018693d5)
Checksum verification on install image failed.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 36569083
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 36569091
Search for "failed" keyword on the link above, you will find some info regarding you error
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36569125
So how are you trying to tftp it over?
0
 

Author Comment

by:IntekTech
ID: 36569154
I tftp from monitor mode
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36569235
What commands did you use?
Did you try another image (version)?
Did you try another tftp server?
Did you check the ( memory) requirements for the new image?
0
 

Author Comment

by:IntekTech
ID: 36570163
I can only use the monitor mode commands:
interface, address, server, gateway, file, and tftp

I tried multiple images with the same TFTP Server.
I'm running 256MB RAM on the PIX 515

What TFTP Server would you recommend using?
0
 
LVL 16

Expert Comment

by:InteraX
ID: 36570484
Have you checked the md5 checksum of the image you have with the one published on cisco's download site?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36572048
I normally use the one from solarwinds: http://www.solarwinds.com/products/freetools/free_tftp_server.aspx

Or I use the one included in kiwi cattools: http://www.kiwisyslog.com/kiwi-cattools-overview/
0
 

Author Comment

by:IntekTech
ID: 36573012
Do I have to match the checksum with my pix's?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36573041
You have to check the md5 checksum of the downloaded binary (using a tool like: http://www.softpedia.com/get/System/File-Management/MD5-Check.shtml) against the value on the cisco download area for that binary.
0
 

Author Comment

by:IntekTech
ID: 36575444
checksum was good on downloaded file.  This is what I get when trying to load it on the PIX.

Received 1658880 bytes

Cisco Secure PIX Firewall admin loader (3.0) #0: Fri Jun  7 17:35:02 PDT 2002
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
imgsum_config: sumval(0xb8d2) md5(0x02e2b648 0xde86edf0 0x6215ea96 0x66ed027c)
imgsum_verify: chksum(0x0   ) md5(0x513bb0f7 0x09df2683 0xd31c7b6f 0x1ff80e82)
Checksum verification on flash image failed.
imgsum_config: sumval(0xd624) md5(0x02e2b648 0xde86edf0 0x6215ea96 0x66ed027c)
imgsum_verify: chksum(0x0   ) md5(0x0221c84f 0x5304713d 0xc3e80f0a 0xe80412b7)
Checksum verification on install image failed.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36575495
Ok, already tried another tftp server?
0
 

Author Comment

by:IntekTech
ID: 36575518
Yeah.  downloaded the solarwinds.  Same thing.

seemed yesterday I loaded pix635.bin and this is what I got below.  When I put the license information in it goes to flash and then loads the run config.  When I do a reload it doesn't load it back.

Cisco Secure PIX Firewall admin loader (3.0) #0: Thu Aug  4 21:23:30 PDT 2005
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
imgsum_config: sumval(0xb8d2) md5(0x02e2b648 0xde86edf0 0x6215ea96 0x66ed027c)
imgsum_verify: chksum(0x0   ) md5(0x513bb0f7 0x09df2683 0xd31c7b6f 0x1ff80e82)
Checksum verification on flash image failed.
Serial Number: 480281048 (0x1ca081d8)

Enter Activation Key
    Part 1 of 4:
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:IntekTech
ID: 36575655
ok.  I just got it loaded to pix6.2(2).

I'm afraid to reload it or try an upgrade again.  What should I do?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36579825
First check if there is a line like ' boot system flash ......' in your config, pointin to the correct image. If there is, first try a reboot. You have to going to try that sometime, might as well do it now.
0
 

Author Comment

by:IntekTech
ID: 36580870
I didn't find "boot system flash...." in the config.  I reloaded the pix and all gone again.

tftp pix622.bin again.

Cisco Secure PIX Firewall admin loader (3.0) #0: Fri Jun  7 17:35:02 PDT 2002
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
imgsum_config: sumval(0xb8d2) md5(0x02e2b648 0xde86edf0 0x6215ea96 0x66ed027c)
imgsum_verify: chksum(0x0   ) md5(0x899ff396 0xb4b84285 0x0b008f98 0x63be9a21)
Checksum verification on flash image failed.

I really need to get this resolved.  I would love to get the latest on there.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36581045
Well, as I said: if there is, try a reboot.

So you're in rommon again. If you do a dir or show flash, what does it show?
0
 

Author Comment

by:IntekTech
ID: 36581063

pix515fw# sh flash
flash file system:  version:2  magic:0x12345679
  file 0: origin:       0 length:1540152
  file 1: origin: 7602176 length:2337
  file 2: origin:       0 length:0
  file 3: origin:       0 length:0
  file 4: origin: 8257536 length:280
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36581259
?
That prompt doesn't look like a rommon prompt.
So are you in rommon or just normal mode?
0
 

Author Comment

by:IntekTech
ID: 36581414
I'm in normal, but if I reload I will lose it.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36582438
Ok, is that an exact screenshot of the sh flash?
Not looking good. That might indicate that your flash is corrupt.
Let me try to remember if that can be tested.
0
 

Author Comment

by:IntekTech
ID: 36582454
Yes, exact screenshot.  Let me know.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36582554
Try to do a 'clear flashfs', then reload, go to rommon and try to load the image again. See if it then wil commit to flash.
0
 

Assisted Solution

by:IntekTech
IntekTech earned 0 total points
ID: 36583557
still no luck.  I think it might be hardware problem. Might be flash corruption.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36585689
I am afraid it's starting to look like it :-~
Any change you still have a smartnet for the device?
0
 

Author Comment

by:IntekTech
ID: 36586608
no smartnet.  Not offered for the pix 515.  End of life apparently.  Tried to buy one a few months ago, but no luck.  Oh well.  Guess it's time for an ASA for the client.
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 250 total points
ID: 36586793
That might be the wisest thing to do in this case. The 515 indeed is end of sale, life, support, etc.
0
 

Assisted Solution

by:IntekTech
IntekTech earned 0 total points
ID: 36601260
Ordered an ASA5505 for replacement.  Thanks for the help.
0
 

Author Closing Comment

by:IntekTech
ID: 36895884
Thanks for the help erniebeek.  Through a little research online found that it might be flash corruption.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36896078
You're welcome. Glad I could help you part of the way.
Thx for the points :)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now